suavedandy | Oh, wow. Tor actually did optimize it's interface for one-handed use. | 00:02 |
---|---|---|
suavedandy | That's actually very sweet. | 00:02 |
suavedandy | Oh, wait. It was Mozilla's tweak. I'm impressed, Mozilla. Impressed. | 00:04 |
suavedandy | I have no idea what's the use of bloated Samsung Internet by this point. | 00:06 |
fsmithred | dude, you're rambling | 00:08 |
fsmithred | biab, need food | 00:08 |
clort | rambling in offtopic pls | 00:09 |
suavedandy | I was just testing Tor Browser on my phone along with Firefox. | 00:13 |
suavedandy | The interface has become much more comfy. I vm pleased. | 00:13 |
suavedandy | How is Tor so snappy? | 00:15 |
suavedandy | Weird. | 00:15 |
golinux | More fodder for offtopic, suavedandy | 00:18 |
golinux | Please don't clog this channel. | 00:18 |
suavedandy | Okay, okay. | 00:18 |
suavedandy | I've messed up with the username. | 00:34 |
suavedandy | Is there a way to change it? | 00:35 |
clort | yes | 00:37 |
suavedandy | Thank you, kind sir. | 00:40 |
fsmithred | after the install you want to change your username? | 00:40 |
suavedandy | I figured it myself anyway. Turns out that it's indeed usermod. I just needed to login as root. | 00:41 |
suavedandy | I wrote my real name. | 00:41 |
fsmithred | yeah | 00:41 |
suavedandy | User name. | 00:41 |
fsmithred | there's also a script called change-username | 00:41 |
suavedandy | I got confoozed, | 00:41 |
suavedandy | And then it asks for my real name. | 00:41 |
suavedandy | And I'm like. | 00:41 |
fsmithred | that will change the name, home dir, and some other stuff | 00:41 |
suavedandy | "I've already wrote it!" | 00:41 |
fsmithred | I usually leave the real name blank | 00:41 |
clort | where is this script | 00:41 |
fsmithred | if you just want to get rid of that, you can edit /etc/passwd | 00:42 |
fsmithred | clort, it comes with refractainstaller | 00:42 |
clort | ah | 00:42 |
fsmithred | the change-username part of the installer used to be a separate script. I kept it in the package. | 00:42 |
clort | is there anything in refracta that shouldn't be in devuan installer? | 00:44 |
suavedandy | No. | 00:46 |
suavedandy | Devuan's installer is dated and cumbersome. | 00:46 |
clort | the refracta.org doesn't help me understand 'why did i do this' | 00:46 |
fsmithred | why did you do what? | 00:47 |
clort | why did refracta author make it | 00:47 |
suavedandy | And by Devuan's installer I mean the partitioning. | 00:47 |
fsmithred | I made it as a way to install from live-CD | 00:48 |
suavedandy | clort: *fsmithred | 00:48 |
fsmithred | without having to build the iso with debian-installer, which is not so easy to do | 00:48 |
clort | put that right on homepage then. | 00:48 |
fsmithred | put what? | 00:48 |
clort | otherwise its existence is obfusticated | 00:48 |
clort | <@fsmithred> I made it as a way to install from live-CD | 00:48 |
fsmithred | it's there on the refracta.org home page | 00:49 |
suavedandy | clort: Refracta is MX Linux of Devuan. | 00:49 |
clort | Refracta is an operating system designed for home computer users. It provides a simple and familiar layout that most users will find very comfortable. | 00:49 |
clort | so is devuan | 00:49 |
clort | actually the homepage does a pretty good job | 00:50 |
suavedandy | Devuan is not MX Linux of Debian. | 00:50 |
suavedandy | MX Linux as in Ubuntu. | 00:50 |
suavedandy | But Debian. | 00:50 |
suavedandy | Ubuntu Debian GNU/Linux operating system. | 00:51 |
suavedandy | Registered trademark. | 00:51 |
suavedandy | Debian Foundation inc. | 00:51 |
suavedandy | All rights reserved. | 00:52 |
suavedandy | clort: Heh, you like nitpicking, it seems. | 00:53 |
suavedandy | Oh, wait, it's #devuan | 00:53 |
suavedandy | fsmithred: The installation went great. | 02:08 |
suavedandy | The only caveat is that your live image has OpenRC. | 02:09 |
suavedandy | And for some reason OpenRC always complains that it can't stop anacron. | 02:09 |
suavedandy | Don't know why. | 02:10 |
fsmithred | what??? | 02:14 |
fsmithred | suavedandy, you would only get openrc if you installed it or if you used the one openrc iso in my experimental folder | 02:16 |
fsmithred | and you can't miss it - it has 'openrc' in the file name. | 02:16 |
specing | It's unstoppable mwahahaha! | 02:19 |
clort | devuan? | 02:21 |
clort | openrc? | 02:21 |
suavedandy | Yes. | 02:22 |
suavedandy | Devuan OpenRC. | 02:22 |
clort | i wonder what specing is referring to? | 02:22 |
suavedandy | Ah, never mind. | 02:22 |
suavedandy | Perhaps the live image was with OpenRC. | 02:23 |
suavedandy | I see good ol' SysVinit. | 02:23 |
suavedandy | No more problems, I guess. The Internet is once again back to normal after some toggling of the airplane mode and restarting of wpa_supplicant. | 02:24 |
suavedandy | Weird machinations, I know. | 02:25 |
suavedandy | But hey, it worked. | 02:25 |
suavedandy | Ah, the only issue I haven't looked into is Cyrillic font. | 02:26 |
suavedandy | I'll look into it after I get some sleep. | 02:26 |
suavedandy | I got surprisingly far this time around. | 02:26 |
systemdlete | I'm trying to forward packets on refracta. I'm guessing it is the same as on devuan. I have set up 3 machines for this purpose. I have A (source) machine, B (where firewall runs and where I want to set up forwarding), and C which is a target system. | 04:34 |
systemdlete | On A, I run ping C. Using wireshark on C, I can see C is receiving pings and responding. But neither A nor B see the ping responses. | 04:34 |
systemdlete | I'm using gufw/ufw and I've set up forwarding per their instructions. B is dual-homed of course, with an interface facing A, and an interface facing C. | 04:35 |
systemdlete | Do I need NAT to do this? I was hoping to use gufw (and ufw) to accomplish this. Seems like this should be simple. | 04:36 |
clort | could you document how you do that if you get it working | 04:37 |
clort | cause i fail at that now too | 04:37 |
systemdlete | Btw, A is a devuan Ascii system, B is a refracta system, and C is a different Ascii system. | 04:38 |
Hurgotron | systemdlete: One would need IP addresses, networks and routing to analyze | 04:45 |
systemdlete | Hurgotron: Here is what I have configured: A is 192.168.57.1, B is 192.168.57.2 (both on same leg) and B has 192.168.56.2, C has 192.168.56.18 (both on same leg) | 04:49 |
systemdlete | I'll call them A-B network and B-C network, respectively. | 04:50 |
systemdlete | A has default route to 192.168.56.2 | 04:50 |
systemdlete | B has default route to 192.168.56.1 | 04:50 |
systemdlete | C has default route to 192.168.56.1 also | 04:50 |
systemdlete | Hurgotron, for the moment, assume I am entering IP addresses only, no DNS etc | 04:51 |
Hurgotron | both /24 networks? A has default route to 192.168.57.2 and C to 192.168.56.2 ? | 04:53 |
systemdlete | ^^ | 04:53 |
systemdlete | (and yes /24) | 04:54 |
Hurgotron | ah sorry too slow today | 04:54 |
systemdlete | nw | 04:54 |
systemdlete | thanks for helping | 04:54 |
systemdlete | I guess you can say that network A-B is 192.168.57.0/24 and B-C is 192.168.56.0/24 | 04:55 |
Hurgotron | right | 04:55 |
Hurgotron | But where is 192.168.56.1? | 04:55 |
Hurgotron | You just mention that as a route target and not as a host address. | 04:55 |
systemdlete | That's another router that takes packets to the Internet, but no need to worry about that now. I'd be happy to hit 192.168.56.18 at this point! | 04:55 |
systemdlete | Hurgotron, I skpped some info | 04:56 |
systemdlete | All 3 systems hvae router entries for their own interfaces. I thought that was obvious, sorry. | 04:56 |
systemdlete | Also, C does not need to hit A. Just A getting out to C (and the Internet, later on, once this is figured out) | 04:58 |
systemdlete | A and C are single-homed systems, just for clarity. | 04:59 |
Hurgotron | Hmm, not sure what you mean, anyway. C needs to have a route to 192.168.57.0/24 with gateway 192.168.56.1 if you want to ping between a and C | 04:59 |
systemdlete | That's what I was afraid of. Would NAT or masquerading solve this for me? | 05:00 |
systemdlete | I think ufw can do NAT, but gufw does not have a way to do this directly. | 05:00 |
Hurgotron | Yes, should work | 05:00 |
systemdlete | What does this exact same scenario look like in IPv6? Does IPv6 have NAT, or does its design obviate the need for NAT? | 05:01 |
systemdlete | I vaguely recall reading about this years ago, but I forgot what it said now. | 05:01 |
systemdlete | (I'm not serious about v6 atm, just curious) | 05:02 |
Hurgotron | Should not need nat, but needs more subnetting. Nice is the autoconfiguration with router advertisements. | 05:03 |
systemdlete | Hurgotron: Thank you for confirming my suspicions. I have something to work with now. Greatly appreciated. | 05:03 |
Hurgotron | anytime. | 05:04 |
clort | 'lets improve iptables, they said' | 05:37 |
r3boot | yep, and instead of importing pf, they wrote nftables .. such a missed chance | 10:05 |
r3boot | systemdlete: not only does ipv6 do nat, it is being used to implement CGN, which means the end of e2e connectivity on the internet | 10:06 |
DPA | I'm no expert in IPv6, I still haven't even gotten around to setting it up at home. But as far as I know, IPv6 doesn't require that ISPs use NAT. | 10:39 |
DPA | Wasn't it was even intended that every internet user would get a prefix with an entire block of addresses originally, to make it possible for | 10:39 |
DPA | every device in a local network to be globally addressable and reachable? | 10:39 |
sixwheeledbeast | it wouldn't be required but they do, I assume was the point? | 10:42 |
r3boot | it's not required, but it is possible | 10:42 |
r3boot | Also, re: ipv6, the article 'network service models' in this edition of IPJ explains the financial dynamics nicely: https://ipj.dreamhosters.com/wp-content/uploads/issues/2013/ipj16-2.pdf | 10:43 |
systemdlete | sadly, I am getting this error when I add the lines for NAT: problem running ufw-init bad argument *nat | 11:55 |
systemdlete | I ran the requirements script for ufw and it passed, no errors. So it seems like I should have everything I need to do NAT | 11:56 |
systemdlete | Seems like I need to add NAT table, but instructions did not indicate that specifically; https://gist.github.com/kimus/9315140 | 11:58 |
systemdlete | Maybe these instructions are out of date for newer releases of ufw | 11:58 |
systemdlete | nvm. I think I missed a step... | 12:01 |
systemdlete | yep. Forgot to set the default policy instruction... | 12:01 |
Ryushin | I think I remember reading there was a systemd unit to sysvinit script convertor somewhere. The only one I found online is 8 years old and is not working properly. Anyone know of a new one? | 16:58 |
fsmithred | Ryushin, check upstream sysvinit packages. I think it's in there. | 17:03 |
Ryushin | After a few hours I couldn't find it, now I just did searching through the mailing archives: http://www.trek.eu.org/devel/sysd2v/ | 17:03 |
Ryushin | fsmithred: You're right. It's in the new sysvinit source I guess. | 17:04 |
fsmithred | Maybe this? sysvinit-utils: /lib/init/init-d-script | 17:05 |
Ryushin | From the email: Trek sent over a Bash shell script which accepts a systemd unit file as its sole parameter. It then digests the unit file and prints out an equivalent shell script and some debugging information. The shell script is called sysd2v.sh and is now included in the SysV init source code, under the "contrib" directory. | 17:06 |
Ryushin | Going to try it out now. | 17:06 |
fsmithred | apt-file can't find it in ceres | 17:08 |
fsmithred | gotta go. bbl. | 17:08 |
Ryushin | fsmithred: Thanks have a great day. | 17:12 |
Ryushin | Here we go: http://git.savannah.nongnu.org/cgit/sysvinit.git/tree/contrib/sysd2v.sh | 17:14 |
Ryushin | fsmithred: I'm impressed!! Script worked wonderfully converting the three Greenbone Security Scanner systemd unit files. | 17:25 |
Ryushin | That is several hours worth of work saved. | 17:26 |
Wonka | does anyone have any idea why g++-10, gcc-10, cpp-10 grow several hundred megabytes each from 10.2.0-15 to 10.2.0-16? | 18:53 |
crashoverride | ram is cheap. | 18:54 |
Wonka | not for a 2011 macbook pro | 18:55 |
crashoverride | yeah well, that's what happens when you value form over function :) | 18:57 |
Wonka | back then, I valued it functioning longer than plastic cased devices. And I was right, it still runs. | 18:58 |
Wonka | all previous notebooks only survived about three years | 18:59 |
xinomilo | thinkpad from 2011, still runs fine | 19:01 |
Wonka | the ThinkPad R60 back then only did 3 years... but I was constantly lugging them devices around. | 19:02 |
conifer | hi, iirc in the past when i connected a luks+lvm encrypted drive by usb i could mount the partitions when i entered the password, but now in beowulf this does not happen | 22:15 |
conifer | i can see the unlocked luks volume in gnome disks with the lvm inside | 22:17 |
conifer | but it does not recognize the partitions in the lvm | 22:17 |
fsmithred | do you see any of it in /dev/mapper? | 22:18 |
conifer | how can i access these partitions? | 22:18 |
fsmithred | cryptsetup luksOpen /dev/<encrypted partition> <some name> | 22:19 |
fsmithred | vgchange -ay <volume-group> | 22:20 |
conifer | the luks is in /dev/mapper | 22:20 |
fsmithred | mount /dev/mapper/<vg-lv> | 22:20 |
fsmithred | so start with vgchange | 22:20 |
fsmithred | you can use vgdisplay to see what's going on | 22:21 |
conifer | when i point cryptsetup luksOpen to the luks-[id] i see in /dev/mapper it says it doesn't exist or access denied | 22:24 |
fsmithred | it's already open | 22:26 |
fsmithred | start with vgchange | 22:26 |
fsmithred | did you already give the passphrase for it? | 22:26 |
fsmithred | or is there a keyfile? | 22:27 |
conifer | i entered my password and it looks open in gnome disks | 22:27 |
fsmithred | ok, so it is open | 22:27 |
fsmithred | you need to activate the lvm | 22:27 |
fsmithred | vgdisplay to find the names | 22:28 |
fsmithred | vgchange -ay <volume-group> | 22:28 |
conifer | what do i need for vgdisplay to work? is liblinux-lvm-perl enough? | 22:29 |
fsmithred | I don't know. I assume that you get whatever you need with lvm2 | 22:29 |
fsmithred | you need to be root | 22:29 |
conifer | oops, tried to run it from non-root term | 22:30 |
conifer | vgchange worked and now i can access it through gui | 22:33 |
conifer | thanks a lot! :) | 22:33 |
suavedandy | fsmithred: So I was using these instructions on how to prevent entering an encryption key twice. | 22:39 |
suavedandy | https://is.gd/HkC7jH | 22:39 |
suavedandy | The problem arises with the second step. | 22:39 |
suavedandy | There is no /etc/mkinitcpio.conf | 22:40 |
suavedandy | And so I don't really know what to do. | 22:41 |
clort | we have no package providing mkinitcpio.conf | 22:44 |
suavedandy | Alright, I'll try another method. | 22:47 |
suavedandy | fsmithred: I like how you made fstab clean. | 22:51 |
suavedandy | Looks very compact. | 22:51 |
suavedandy | ( umask 0077 && dd if=/dev/urandom bs=1 count=64 of=/etc/keys/root.key conv=excl,fsync ) | 22:53 |
suavedandy | Do brackets actually do anything here? | 22:53 |
fsmithred | suavedandy, where are you looking? | 23:10 |
suavedandy | https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html | 23:11 |
fsmithred | ok, I took a quick look, and it makes no sense to me | 23:14 |
fsmithred | looks like the keyfile goes into the initramfs, which I assume is in /boot which is encrypted. How do you get in? | 23:15 |
fsmithred | or does it just boot automatically with the key for anyone who powers it up? | 23:15 |
suavedandy | Following the instructions. | 23:19 |
suavedandy | Everything seems to be working well so far. | 23:19 |
suavedandy | Unlike my previous try with these instructions. | 23:20 |
suavedandy | Better not screw up again. | 23:20 |
fsmithred | maybe grub takes the password and then the initramfs uses the keyfile | 23:20 |
suavedandy | I just realized that when I tested micro I pressed Alt+Right. | 23:27 |
suavedandy | And that opens the next TTY. | 23:27 |
suavedandy | It's not micro being glitchy. It's me being an imbecile. | 23:27 |
suavedandy | fsmithred: Yay! It worked! | 23:45 |
suavedandy | Minus one problem. | 23:46 |
fsmithred | what's that? | 23:46 |
suavedandy | fsmithred: With the guide I followed there is no more asking for the encryption password twice. | 23:53 |
suavedandy | I only need to enter the password once. | 23:53 |
fsmithred | yeah, makes sense. | 23:53 |
suavedandy | You set up the encrypted boot installation right but the password still needs to be entered at the initramfs stage. | 23:54 |
suavedandy | I think adding the fourth script from the guide to the installer would be a good idea. | 23:55 |
fsmithred | my problem with fde is that grub takes too long to respond to the pass | 23:55 |
suavedandy | There's also a section on booting optimization. | 23:55 |
suavedandy | The last part of the third section, to be precise. | 23:57 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!